svn commit: r349567 - head/sys/contrib/ipfilter/netinet

[Cy Schubert]

Author: cy
Date: Sun Jun 30 22:27:58 2019
New Revision: 349567
URL: https://svnweb.freebsd.org/changeset/base/349567

Log:
  Revert r349400. It has uintended effects.
  
  Reported by:	christos at NetBSD.org
  X-MFC with:	r349400.

Modified:
  head/sys/contrib/ipfilter/netinet/fil.c

Modified: head/sys/contrib/ipfilter/netinet/fil.c
==============================================================================
--- head/sys/contrib/ipfilter/netinet/fil.c	Sun Jun 30 20:21:27 2019	(r349566)
+++ head/sys/contrib/ipfilter/netinet/fil.c	Sun Jun 30 22:27:58 2019	(r349567)
@@ -1732,22 +1732,24 @@ ipf_pr_ipv4hdr(fin)
 
 		fi->fi_flx |= FI_FRAG;
 		off &= IP_OFFMASK;
-		fin->fin_flx |= FI_FRAGBODY;
-		off <<= 3;
-		if ((off + fin->fin_dlen > 65535) ||
-		    (fin->fin_dlen == 0) ||
-		    ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) {
-			/*
-			 * The length of the packet, starting at its
-			 * offset cannot exceed 65535 (0xffff) as the
-			 * length of an IP packet is only 16 bits.
-			 *
-			 * Any fragment that isn't the last fragment
-			 * must have a length greater than 0 and it
-			 * must be an even multiple of 8.
-			 */
-			fi->fi_flx |= FI_BAD;
-			DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *, fin);
+		if (off != 0) {
+			fin->fin_flx |= FI_FRAGBODY;
+			off <<= 3;
+			if ((off + fin->fin_dlen > 65535) ||
+			    (fin->fin_dlen == 0) ||
+			    ((morefrag != 0) && ((fin->fin_dlen & 7) != 0))) {
+				/*
+				 * The length of the packet, starting at its
+				 * offset cannot exceed 65535 (0xffff) as the
+				 * length of an IP packet is only 16 bits.
+				 *
+				 * Any fragment that isn't the last fragment
+				 * must have a length greater than 0 and it
+				 * must be an even multiple of 8.
+				 */
+				fi->fi_flx |= FI_BAD;
+				DT1(ipf_fi_bad_fragbody_gt_65535, fr_info_t *, fin);
+			}
 		}
 	}
 	fin->fin_off = off;